Processing Event Logs in PowerShell

re: Processing Event Logs in PowerShell

Russ Pitcher — Thu, 21 May 2009 15:05:37 GMT

? Limit-EventLog ?

Surely 'Set' would be a far better choice of verb than 'Limit'?

re: Processing Event Logs in PowerShell

ichoudhury — Thu, 21 May 2009 17:17:10 GMT

Why would you even bother to create a new cmdlet rather than enhancing get-eventlog ? I really do appreciate the improvement and I can see why Get-WinEvent would be my choice, but I would have liked it even better if you said .. "Well, Get-eventlog on v2 can do whole lot more than what you are used to" ...

Hypothetically

PS > (Get-EventLog -List ).Count

160

:))

(I sound annoyed, but actually I am more curious instead)

re: Processing Event Logs in PowerShell

Link Hogjowl — Fri, 22 May 2009 03:30:12 GMT

Link should be http://www.computerperformance.co.uk/powershell/powershell_eventlog.htm

re: Processing Event Logs in PowerShell

PowerShellTeam — Sat, 23 May 2009 00:46:26 GMT

RT @Hogjowl : Link has been corrected. Thanks for pointing it out.

RT @ichoudhury : You are right, it would have been a better experience if Get-EventLog did everything. However, we did this a new cmdlet because a) Windows Vista Event model is very different b) It depends on .NET 3.5 and we didn't want to add to this dependency on Get-Eventlog (which is targeted towards XP/win2k3)

Thanks

Osama

re: Processing Event Logs in PowerShell

egb — Wed, 27 May 2009 10:20:27 GMT

Why do these cmdlets not work for V2 on VISTA?

I must be missing something, but

get_WinEvent

doesn't exist at all and

gcm *eventlog* -commandtype cmdlet

produces a single line describing Get_EventLog.

Windows Event Log in PowerShell - Part II

Windows PowerShell Blog — Thu, 11 Jun 2009 11:07:45 GMT

In part 1 of “ Event logs in Powershell ” we talked about differences between Get-EventLog and Get-WinEvent.

where's backup-eventlog?

marc carter — Tue, 21 Jul 2009 17:56:38 GMT

The problem I'm running into is when trying to create a backup (.evt) of the event log on a x64 server. I'm unable to resolve the path for a log file unless I use the WMI class Win32_NTEventLogFile. Which isn't a terrible thing, unfortunetly Win32_NTEventLogFile doesn't seem to know about the system logs on my x64 servers (example results below) which reside in WoW64 (not system32) folder.

[Win32_NTEventLogFile]

LogfileName

-----------

Internet Explorer

[Get-EventLog]

Name

----

Application

Internet Explorer

Security

System

Is there a similar .Net property to LogfileName that I can use when calling BackupEventLog in order to grab the file path of each event log?

The only properties returned by get-eventlog (that I am aware of) are...

[Properties]

Container

EnableRaisingEvents

Entries

Log

LogDisplayName

MachineName

MaximumKilobytes

MinimumRetentionDays

OverflowAction

Site

Source

SynchronizingObject